Hab jetzt schon einiges drüber gelesen, aber krieg den Mist nicht weg. Also: Immer secure.html Startseite>nicht entfernbar. Grund dafür ist gleub ich die Datei nem219.dll, kann die aber nicht löschen. So, hier mein Hijackthis Protokoll:
Logfile of HijackThis v1.97.7
Scan saved at 00:01:16, on 19.07.2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Programme\Alwil Software\Avast4\aswUpdSv.exe
D:\Programme\Alwil Software\Avast4\ashServ.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\Tablet.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.EXE
D:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer\actalert.exe
D:\Programme\Bargain Buddy\bin2\bargains.exe
D:\WINNT\system.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINNT\System32\internat.exe
D:\DOKUME~1\M0PKRA~1.CC-\LOKALE~1\Temp\msbb.exe
D:\Dokumente und Einstellungen\m0pkrause.CC-0006\Desktop\Tim\Antivir\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = D:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = D:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=125781
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = D:\WINNT\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = D:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINNT\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = D:\WINNT\secure.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINNT\nem219.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - D:\WINNT\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - D:\WINNT\Downloaded Program Files\bridge.dll
O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - D:\DOKUME~1\M0PKRA~1.CC-\ANWEND~1\IESERV~1\IEService.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [BearShare] E:\APPS\COMMUN~1\BEARSH~1\BEARSH~1.EXE /m
O4 - HKLM\..\Run: [PrinTray] D:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] E:\Apps\Communication\ICQ\NDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "E:\Apps\audio\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Apps\system\recording\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "E:\Apps\system\recording\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [IST Service] D:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] D:\Programme\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Bargains] D:\Programme\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [msbb] d:\dokume~1\m0pkra~1.cc-\lokale~1\temp\msbb.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "D:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Babylon Translator] E:\Apps\system\Translation\Babylon\Babylon.exe
O4 - HKCU\..\Run: [\IEService.exe] D:\DOKUME~1\M0PKRA~1.CC-\ANWEND~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [Rcst] D:\Dokumente und Einstellungen\m0pkrause.CC-0006\Anwendungsdaten\esue.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Programme\Spyware Doctor\spydoctor.exe" /Q
O4 - Startup: Kremlin Sentry.LNK = E:\Apps\system\Encrypter\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Apps\Office\Microsoft\Office\OSA9.EXE
O4 - Global Startup: subst_Redirector.bat
O8 - Extra context menu item: &Google Search - res://D:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://D:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/legal/x.chm::/load.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31FD415A-1103-4329-B323-2DE693146C4E} (InstallHelper Class) - http://survey.there.com/qualsurvey/ThereInstallHelper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6F6E3A5E-4A75-45F0-BDDE-21B6C4496E2B} (LAInstaller Class) - http://www.cantoche.com/test/LAinstall.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38117.5255324074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEADBEEF-DEAD-BEEF-DEAD-BEEFDEADBEEF} - http://www.haptek.com/products/player/autoinstall/data/latest.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
wär super wenn mir einer helfen könnte.
kruicidal Gast |